Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2022-45410

Опубликовано: 04 сент. 2025
Источник: msrc
CVSS3: 6.5
EPSS Низкий

Описание

When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

FAQ

Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

EPSS

Процентиль: 34%
0.00133
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-45410

CVSS3: 6.5
ubuntu
около 3 лет назад

When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

redhat логотип

CVE-2022-45410

CVSS3: 6.1
redhat
около 3 лет назад

When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

nvd логотип

CVE-2022-45410

CVSS3: 6.5
nvd
около 3 лет назад

When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

debian логотип

CVE-2022-45410

CVSS3: 6.5
debian
около 3 лет назад

When a ServiceWorker intercepted a request with <code>FetchEvent</code ...

github логотип

GHSA-gvhf-4hjq-39hg

CVSS3: 6.5
github
около 3 лет назад

When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

EPSS

Процентиль: 34%
0.00133
Низкий

6.5 Medium

CVSS3